Monday, May 18, 2015

Foxit fuzzing ended

Because rebuilding my fuzzing machine took more time than predicted, I will not fuzz Foxit any more, and the results that I described last time are the final results (I will do some additional analysis and then send them to the developers; it seems that 15 unique crashes/memory corruptions are the final result after removing as many overlaps as I can with brief analysis). Also, because my fuzzing environment changed (I used 32-bit VMs and now use a 64-bit main machine directly), I can't continue calculating the code coverage either: the differences in the OS have created additional coverage paths, and this would not give the information I need for doing exact statistics.
With the next file type, I will do all the testing in the same environment and then hopefully will get better statistics up until the "end".

I will now continue using these 727 PDFs for testing other software, and hopefully it will be as successful as it was with Foxit. It was surprising to get so many crashes/memory corruptions with only simple fuzzing on one home machine.